K-Pop Fans Are the New Anonymous

Back in 2016, the once-notorious hacktivist group Anonymous fell apart. During the U.S. presidential campaign, Anonymous publicly announced two operations with conflicting political agendas: OpTrump vs. OpHillary. The resulting internal fighting over political affiliation broke the group apart. What was left of Anonymous and their ‘newblood’ lingered on Facebook for the last four years, where they have tried to convince users that they were still relevant.

In the old days of Anonymous, they had neither political objectives nor a desire to be politically correct. They said they stood for letting everyone’s voice be heard and would amplify those they believed were in need, and on occasion, would silence those who they believed needed a hard reality check. At the end of the day, in their minds they were fighting for the oppressed. They engaged in activities where they would set hacktivists up on charges and then use them to conduct operations which they couldn’t do themselves.

In my opinion, the demise of Anonymous was a result of power grabs and acts of subversion over political affiliation. After Anonymous fell apart in 2016, a new far-right conspiracy theory group called QAnon came out of the depths of 4chan to capitalize on the void left by Anonymous and began manipulating and controlling a digital army in a similar fashion. But, just like that, there were no more group-organized Denial of Service attacks. No more mainstream defacement or digital protests.

But after four years, some have decided to pick up the mask and attempt to run a half-decade-old playbook after George Floyd died at the hands of the Minneapolis Police on May 25th, 2020.

Cyber Protests

As a result of Floyd’s death, protests have erupted all over the United States and Europe. In general, all conflicts have both a physical and a cyber nature to them, even if one isn’t reported. And when a conflict reaches a certain level of social awareness, a silent “hero” typically steps up to fight for those who they believe cannot.

Concerning the death of George Floyd, there has been a massive cyber movement in alliance with the Black Lives Matter movement, including the alleged return of Anonymous. The problem is, old and established accounts have been blindly co-signing the activities without verification. And just like the later years of Anonymous, the new actors or old actors representing Anonymous don’t deliver.

Posting re-packed data used to be an old tactic. The objective was not to hack, but rather to manipulate and repack data so they could troll the media into creating headlines that were aligned with the general narrative of the operation. Long ago, Anonymous lost their ability to hack. Today they can only amplify legitimate or illegitimate content in an attempt to direct attention to a cause. In my opinion, Anonymous’s actions have become similar to the type of person who knowingly gives counterfeit money to a charity.

Take, for example, the alleged Minneapolis Police Department data breach. In a blog post, Troy Hunt examined the leak and concluded that the data was repackaged from prior data breaches.
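The kind of first-pass check that exposes a repackaged dump can be sketched as follows. This is an added example, not code from the original post and not Troy Hunt's method: the `email:password` line format, the 0.8 threshold, the `police.example` domain and all sample records are constructed assumptions.

```python
import hashlib
from collections import Counter

def fingerprint(email, password):
    """Hash a normalized credential pair so corpora can be compared without keeping plaintext."""
    norm = f"{email.strip().lower()}:{password}"
    return hashlib.sha256(norm.encode("utf-8")).hexdigest()

def parse_dump(text):
    """Yield (email, password) from 'email:password' lines, skipping malformed rows."""
    for line in text.splitlines():
        email, sep, password = line.strip().partition(":")
        if sep and "@" in email:
            yield email, password

def triage_leak(dump_text, known_fingerprints, claimed_domain, repack_threshold=0.8):
    """Measure how much of a claimed leak was already public and how much
    actually belongs to the organization it is attributed to."""
    rows = list(parse_dump(dump_text))
    if not rows:
        return {"rows": 0, "verdict": "empty"}
    seen = sum(fingerprint(e, p) in known_fingerprints for e, p in rows)
    domains = Counter(e.strip().lower().rsplit("@", 1)[1] for e, _ in rows)
    overlap = seen / len(rows)
    domain_share = domains[claimed_domain.lower()] / len(rows)
    verdict = "likely repackaged" if overlap >= repack_threshold else "needs deeper review"
    return {"rows": len(rows), "overlap": overlap,
            "domain_share": domain_share, "verdict": verdict}

# Constructed sample data: fingerprints from earlier, already-public breaches ...
PRIOR = {fingerprint("alice@example.com", "hunter2"),
         fingerprint("bob@example.org", "letmein"),
         fingerprint("dave@example.net", "qwerty"),
         fingerprint("erin@example.com", "123456")}

# ... and a dump presented as a fresh breach of the hypothetical police.example.
DUMP = """Alice@Example.com:hunter2
bob@example.org:letmein
carol@police.example:Summer2019
dave@example.net:qwerty
malformed line
erin@example.com:123456
"""

if __name__ == "__main__":
    print(triage_leak(DUMP, PRIOR, "police.example"))
```

A high overlap with older corpora combined with a low share of addresses on the claimed organization's domain is the pattern that points to recycled data rather than a new intrusion.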

The problem is, the media is quicker nowadays and Anonymous is trying to pull outdated moves on a savvier generation of information security professionals.

Security Researcher: @zer0pwn

It didn’t take long for the main tool for OpMinneapolis to go through a public review that didn’t end well for the operators. Anonymous members AnonUSA and S0uL were pushing an old Layer 7 attack script on GitHub. And just in case you couldn’t run the script, they posted a tutorial on how to be a skid on YouTube. It is also suspected that the group was using a tool called Bane.

Tools and attack vectors are not what define the success of an attack. Given enough diversity in sources and a common layer of SSL/TLS encryption, an attacker can evade many layers of detection between the origin and the target. Simple tools can become effective weapons when given the power of numbers and when privacy concerns limit the inspection of encrypted traffic in flight. When a flood of encrypted malicious traffic is mixed with legitimate traffic and cannot be told apart from it without expensive decryption, keeping the legitimate traffic from becoming a victim of the malicious traffic quickly becomes a complex problem. Given the right approach and strategy, however, organizations can successfully fend such attacks off.

In a statement posted to Twitter by the Minnesota IT Service, Tomes stated that the MNIT’s Security Operation Center became the target of such a distributed denial-of-service attack, which was repelled successfully and left their services unimpacted by the attempt.

Anonymous was never known for building and maintaining an arsenal of sophisticated attack tools. Where other actors researched and invested in automation of their attacks, building and maintaining what we came to know as botnets, Anonymous always relied on organizing human volunteers to run scripts at a specific time from their devices, basically a human network of script robots.
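A volunteer-run flood of this kind can be spotted where TLS is terminated, because many sources running the same script share one request fingerprint even when each source stays under a per-IP rate limit. The sketch below is an added example, not code from the original post: the log format, thresholds, addresses and the `script-ua/1.0` user agent are constructed assumptions.

```python
from collections import defaultdict

def parse(line):
    """Constructed log format: <epoch_seconds> <src_ip> <method> <path> "<user-agent>"."""
    head, _, ua = line.partition(' "')
    ts, ip, method, path = head.split()
    return int(ts), ip, (method, path, ua.rstrip('"'))

def detect_coordinated_flood(lines, window=10, min_sources=5, min_share=0.6):
    """Return [(window_start, fingerprint, distinct_sources, share)] for every
    time window in which one request fingerprint comes from many distinct
    sources and dominates the traffic."""
    buckets = defaultdict(lambda: defaultdict(list))
    for line in lines:
        ts, ip, fp = parse(line)
        buckets[ts - ts % window][fp].append(ip)
    alerts = []
    for start in sorted(buckets):
        total = sum(len(ips) for ips in buckets[start].values())
        for fp, ips in buckets[start].items():
            sources, share = len(set(ips)), len(ips) / total
            if sources >= min_sources and share >= min_share:
                alerts.append((start, fp, sources, share))
    return alerts

def sample_log():
    """Constructed access log: ordinary browsing plus six sources running one script."""
    normal = ['1000 192.0.2.10 GET /index.html "Mozilla/5.0 (X11)"',
              '1003 192.0.2.11 GET /contact "Mozilla/5.0 (Windows NT 10.0)"',
              '1012 192.0.2.10 GET /about "Mozilla/5.0 (X11)"',
              '1015 192.0.2.12 POST /login "Mozilla/5.0 (Macintosh)"']
    # Each source sends only two requests in ten seconds, so per-IP limits stay quiet.
    flood = [f'{1010 + i % 10} 198.51.100.{i % 6 + 1} GET / "script-ua/1.0"'
             for i in range(12)]
    return normal + flood

if __name__ == "__main__":
    for start, fp, sources, share in detect_coordinated_flood(sample_log()):
        print(f"window {start}: {fp} from {sources} sources, {share:.0%} of requests")
```

In production the thresholds would be set from a baseline of normal traffic, since a popular page requested by one common browser build can also concentrate a fingerprint.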

Fending off DDoS attacks comes with many different problems depending on the nature and flavor of the attack. Encrypted attacks can leverage the power of numbers and hide behind the need for privacy. Amplification attacks are by nature easy to detect and stop, as long as their volume does not reach a level the target cannot absorb. Today, the world record for the largest amplification DDoS attack is a whopping 2.3Tbps CLDAP attack directed at Amazon. Anonymous never possessed the ability to launch such voluminous attacks or the sophistication to build and maintain a botnet. It was only offset groups such as Lulzsec and Lizard Squad that had cyber hand cannons and the ability to create a botnet that could reach 1Tbps.

The cyber events over the past few weeks have proven why Anonymous has become obsolete, highlighting the need for a new hacktivist group that doesn’t live off the names of the past. A group that has grown and evolved with the industry.

Player 2 Has Entered the Game

While Anonymous regroups for a Black Lives Matter operation by beating up on unprotected sites in Kenya and internally fighting about Trump again, K-Pop fans have risen as the new hacktivists for justice, and I have to say, I think it’s time we cancel Anonymous and elect K-Pop fans as the final boss of the internet.

Did I lose you at K-Pop? If you have been living under a rock, K-Pop, Korean Pop, runs the internet nowadays and their fans roll deep. How deep? While @YourAnonCentral has 6.5 million followers, a single K-Pop group, BTS, has 26.4 million devout fans who will stop at nothing and do anything the groups get involved in. If a member wears a certain item, or posts anything personal, it sends their fans into a frenzy.

This is where K-Pop takes over while Anonymous deals with internal issues once again. During the Black Lives Matter protests in the United States, K-Pop fans decided to give those being oppressed a bigger voice (something Anonymous hasn’t been able to do in years). In Texas, the Dallas Police Department decided the Black Lives Matter protest gave them a perfect chance to test out their new app that allows people to report on protester activity. The Internet delivered.

K-Pop fans leveraged the power of their digital army to cause service degradation for the iWatch app by flooding it with Fancam videos. This massive flood of content from unique users ultimately forced the app offline. And the best part, just like the old days of Anonymous raids, they used the power of their social botnet to support the protesters. No political affiliation. No subversion.

Why K-pop Fans Are the New Anonymous

There are a few reasons why I believe K-Pop fans are the new Anonymous. Mainly because they represent the old ways of Anonymous, back when its activities were amplifying those it believed were oppressed or pranking those it believed needed a reality check. Back when the power of a social botnet was more powerful than an IoT botnet.

I will give it to them, Anonymous tried to come back, but they instantly repeated the very thing that caused them to fail in the first place: They faked data leaks, pushed outdated tools, and tried to get others to commit the crime for them.

Daniel Smith

Daniel is the Head of Research for Radware’s Threat Intelligence division. He helps produce actionable intelligence to protect against botnet-related threats by working behind the scenes to identify network and application-based vulnerabilities. Daniel brings over ten years of experience to the Radware Threat Intelligence division. Before joining, Daniel was a member of Radware’s Emergency Response Team (ERT-SOC), where he applied his unique expertise and intimate knowledge of threat actors’ tactics, techniques, and procedures to help develop signatures and mitigate attacks proactively for customers.